[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Implicit Client authentication
Hi, > I have a severe problem at a customer side. the authentication to an > email webaccess-server is realized with the implicit client > authentication. (RSA SecurID is the authentication method). This works > really cool. But if an user is sitting e.g. in an hotel browsing to the > Webaccess-Address he is prompted for authentication, authenticates and > gets access to the server. So far so good. If a second user who resides > in the hotel (same hiding NAT address) in another room connects to the > webaccess-server he has access without any authentication. Do you have > any ideas how to prevent this? Don't use Client Authentication but User Authentication (yes, it does work with one-time passwords - you can control the usage e.g. via the session timeout parameter). Best regards, Axel Dunkel --- Systemberatung A. Dunkel GmbH, Gutenbergstr. 5, D-65830 Kriftel Tel.: +49-6192-9988-0, Fax: +49-6192-9988-99, E-Mail: [email protected] =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
|